Re: [Qemu-devel] [BUG] Migration segfaults

[Pierre Riteau]

On 17 sept. 2009, at 17:05, Pierre Riteau wrote:

> The commit 7e72abc382b700a72549e8147bdea413534eeedc (vmstate: port  
> cirrus_vga device) appears to break migration for me.
> I'm migrating a Debian Lenny with 128 MB of RAM, and it segfaults at  
> the end of the migration.
>
> The following backtrace was acquired with the current HEAD  
> (b348113d2161a339780e2d9e0479b1f9a53c6cbc).
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0xb79e06b0 (LWP 9106)]
> 0x081571b3 in subpage_register (mmio=0xabf32008, start=0, end=4095,  
> memory=2089441, region_offset=0) at /mnt/qemu/exec.c:2862
> 2862                if (io_mem_read[memory][i]) {
> (gdb) bt
> #0  0x081571b3 in subpage_register (mmio=0xabf32008, start=0,  
> end=4095, memory=2089441, region_offset=0) at /mnt/qemu/exec.c:2862
> #1  0x081564c6 in cpu_register_physical_memory_offset  
> (start_addr=655360, size=131072, phys_offset=16715534,  
> region_offset=0) at /mnt/qemu/exec.c:2339
> #2  0x080bc969 in cpu_register_physical_memory (start_addr=655360,  
> size=131072, phys_offset=16715534) at /mnt/qemu/cpu-common.h:28
> #3  0x080bc9ce in unmap_linear_vram (s=0xa0c4008) at /mnt/qemu/hw/ 
> cirrus_vga.c:2623
> #4  0x080bca72 in cirrus_update_memory_access (s=0xa0c4008) at /mnt/ 
> qemu/hw/cirrus_vga.c:2648
> #5  0x080bd190 in cirrus_post_load (opaque=0xa0c4008) at /mnt/qemu/ 
> hw/cirrus_vga.c:2965
> #6  0x08128f92 in vmstate_load_state (f=0xa134760, vmsd=0x81d3a60,  
> opaque=0xa0c4008, version_id=2) at savevm.c:1087
> #7  0x08129139 in vmstate_load (f=0xa134760, se=0xa0c1218,  
> version_id=2) at savevm.c:1133
> #8  0x0812985d in qemu_loadvm_state (f=0xa134760) at savevm.c:1371
> #9  0x0811ba2e in tcp_accept_incoming_migration (opaque=0xd) at  
> migration-tcp.c:158
> #10 0x080521b6 in main_loop_wait (timeout=5000) at /mnt/qemu/vl.c:3871
> #11 0x08052870 in main_loop () at /mnt/qemu/vl.c:4091
> #12 0x08056431 in main (argc=13, argv=0xbfd6ddf4, envp=0xbfd6de2c)  
> at /mnt/qemu/vl.c:5943

Am I the only one to see this issue? I still get a SIGSEGV when  
migrating Debian VMs, however I have to press a key in the migrated VM  
to make it crash.
The backtrace looks weird:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7a496b0 (LWP 2452)]
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x08187f74 in io_writew (physaddr=104572, val=1906,  
addr=3221985404, retaddr=0xafba6969) at /mnt/qemu/softmmu_template.h:210
#2  0x08187e19 in __stw_mmu (addr=3221985404, val=1906, mmu_idx=0) at / 
mnt/qemu/softmmu_template.h:241
#3  0xafba696a in ?? ()
#4  0xc022ee8f in ?? ()
#5  0xc022ee8f in ?? ()
#6  0x00000000 in ?? ()

It also happens when migrating a VM running a Debian install CD, with  
the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7a256b0 (LWP 2328)]
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x0818741f in io_readb (physaddr=15422, addr=3085610046,  
retaddr=0xafb2c4de) at /mnt/qemu/softmmu_template.h:68
#2  0x081872e4 in __ldb_mmu (addr=3085610046, mmu_idx=1) at /mnt/qemu/ 
softmmu_template.h:103
#3  0xafb2c4df in ?? ()
#4  0x0804e21c in hpet_start_timer (t=0x3cf) at /mnt/qemu/vl.c:1258
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Steps to reproduce with the CD:

wget 
http://cdimage.debian.org/debian-cd/5.0.3/i386/iso-cd/debian-503-i386-businesscard.iso
qemu -m 512 -cdrom debian-503-i386-businesscard.iso -boot d -monitor  
stdio
On another machine, qemu -m 512 -cdrom debian-503-i386- 
businesscard.iso -boot d -monitor stdio -incoming tcp:0:4444
wait for the first menu, select Install (Return)
wait for the language selection menu to show up, then migrate to the  
other machine
on the destination machine, press a key in Qemu
watch it segfault

--
Pierre Riteau -- http://perso.univ-rennes1.fr/pierre.riteau/